<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
 <head>
  <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  <title>Sign a CSR with another certificate (or itself) and generate a certificate</title>

 </head>
 <body><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="function.openssl-csr-new.html">openssl_csr_new</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="function.openssl-decrypt.html">openssl_decrypt</a></div>
 <div class="up"><a href="ref.openssl.html">OpenSSL 函数</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div><hr /><div id="function.openssl-csr-sign" class="refentry">
 <div class="refnamediv">
  <h1 class="refname">openssl_csr_sign</h1>
  <p class="verinfo">(PHP 4 &gt;= 4.2.0, PHP 5)</p><p class="refpurpose"><span class="refname">openssl_csr_sign</span> &mdash; <span class="dc-title">Sign a CSR with another certificate (or itself) and generate a certificate</span></p>

 </div>
 
 <div class="refsect1 description" id="refsect1-function.openssl-csr-sign-description">
  <h3 class="title">说明</h3>
  <div class="methodsynopsis dc-description">
   <span class="type">resource</span> <span class="methodname"><strong>openssl_csr_sign</strong></span>
    ( <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <code class="parameter">$csr</code></span>
   , <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <code class="parameter">$cacert</code></span>
   , <span class="methodparam"><span class="type"><a href="language.pseudo-types.html#language.types.mixed" class="type mixed">mixed</a></span> <code class="parameter">$priv_key</code></span>
   , <span class="methodparam"><span class="type">int</span> <code class="parameter">$days</code></span>
   [, <span class="methodparam"><span class="type">array</span> <code class="parameter">$configargs</code></span>
   [, <span class="methodparam"><span class="type">int</span> <code class="parameter">$serial</code><span class="initializer"> = 0</span></span>
  ]] )</div>

  <p class="para rdfs-comment">
   <span class="function"><strong>openssl_csr_sign()</strong></span> generates an x509 certificate
   resource from the given CSR.
  </p>
  <blockquote class="note"><p><strong class="note">Note</strong>: 
<span class="simpara">
 必须安装有效的 <var class="filename">openssl.cnf</var> 以保证此函数正确运行。参考有关<a href="openssl.installation.html" class="link">安装</a>的说明以获得更多信息。
</span>
</p></blockquote>
 </div>


 <div class="refsect1 parameters" id="refsect1-function.openssl-csr-sign-parameters">
  <h3 class="title">参数</h3>
  <p class="para">
   <dl>

    
     <dt>
<em><code class="parameter">csr</code></em></dt>

     <dd>

      <p class="para">
       A CSR previously generated by <span class="function"><a href="function.openssl-csr-new.html" class="function">openssl_csr_new()</a></span>.
       It can also be the path to a PEM encoded CSR when specified as
       <var class="filename">file://path/to/csr</var> or an exported string generated
       by <span class="function"><a href="function.openssl-csr-export.html" class="function">openssl_csr_export()</a></span>.
      </p>
     </dd>

    
    
     <dt>
<em><code class="parameter">cacert</code></em></dt>

     <dd>

      <p class="para">
       The generated certificate will be signed by <em><code class="parameter">cacert</code></em>.
       If <em><code class="parameter">cacert</code></em> is <strong><code>NULL</code></strong>, the generated certificate
       will be a self-signed certificate.
      </p>
     </dd>

    
    
     <dt>
<em><code class="parameter">priv_key</code></em></dt>

     <dd>

      <p class="para">
       <em><code class="parameter">priv_key</code></em> is the private key that corresponds to
       <em><code class="parameter">cacert</code></em>.
      </p>
     </dd>

    
    
     <dt>
<em><code class="parameter">days</code></em></dt>

     <dd>

      <p class="para">
       <em><code class="parameter">days</code></em> specifies the length of time for which the
       generated certificate will be valid, in days.
      </p>
     </dd>

    
    
     <dt>
<em><code class="parameter">configargs</code></em></dt>

     <dd>

      <p class="para">
       You can finetune the CSR signing by <em><code class="parameter">configargs</code></em>.
       See <span class="function"><a href="function.openssl-csr-new.html" class="function">openssl_csr_new()</a></span> for more information about
       <em><code class="parameter">configargs</code></em>.
      </p>
     </dd>

    
    
     <dt>
<em><code class="parameter">serial</code></em></dt>

     <dd>

      <p class="para">
       An optional the serial number of issued certificate. If not specified
       it will default to 0.
      </p>
     </dd>

    
   </dl>

  </p>
 </div>


 <div class="refsect1 returnvalues" id="refsect1-function.openssl-csr-sign-returnvalues">
  <h3 class="title">返回值</h3>
  <p class="para">
   Returns an x509 certificate resource on success, <strong><code>FALSE</code></strong> on failure.
  </p>
 </div>


 <div class="refsect1 changelog" id="refsect1-function.openssl-csr-sign-changelog">
  <h3 class="title">更新日志</h3>
  <p class="para">
   <table class="doctable informaltable">
    
     <thead>
      <tr>
       <th>版本</th>
       <th>说明</th>
      </tr>

     </thead>

     <tbody class="tbody">
      <tr>
       <td>4.3.3</td>
       <td>
        The <em><code class="parameter">serial</code></em> parameter was added.
       </td>
      </tr>

     </tbody>
    
   </table>

  </p>
 </div>


 <div class="refsect1 examples" id="refsect1-function.openssl-csr-sign-examples">
  <h3 class="title">范例</h3>
  <p class="para">
   <div class="example" id="example-834">
    <p><strong>Example #1 <span class="function"><strong>openssl_csr_sign()</strong></span> example - signing a
     CSR (how to implement your own CA)</strong></p>
    <div class="example-contents">
<div class="phpcode"><code><span style="color: #000000">
<span style="color: #0000BB">&lt;?php<br /></span><span style="color: #FF8000">//&nbsp;Let's&nbsp;assume&nbsp;that&nbsp;this&nbsp;script&nbsp;is&nbsp;set&nbsp;to&nbsp;receive&nbsp;a&nbsp;CSR&nbsp;that&nbsp;has<br />//&nbsp;been&nbsp;pasted&nbsp;into&nbsp;a&nbsp;textarea&nbsp;from&nbsp;another&nbsp;page<br /></span><span style="color: #0000BB">$csrdata&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">$_POST</span><span style="color: #007700">[</span><span style="color: #DD0000">"CSR"</span><span style="color: #007700">];<br /><br /></span><span style="color: #FF8000">//&nbsp;We&nbsp;will&nbsp;sign&nbsp;the&nbsp;request&nbsp;using&nbsp;our&nbsp;own&nbsp;"certificate&nbsp;authority"<br />//&nbsp;certificate.&nbsp;&nbsp;You&nbsp;can&nbsp;use&nbsp;any&nbsp;certificate&nbsp;to&nbsp;sign&nbsp;another,&nbsp;but<br />//&nbsp;the&nbsp;process&nbsp;is&nbsp;worthless&nbsp;unless&nbsp;the&nbsp;signing&nbsp;certificate&nbsp;is&nbsp;trusted<br />//&nbsp;by&nbsp;the&nbsp;software/users&nbsp;that&nbsp;will&nbsp;deal&nbsp;with&nbsp;the&nbsp;newly&nbsp;signed&nbsp;certificate<br /><br />//&nbsp;We&nbsp;need&nbsp;our&nbsp;CA&nbsp;cert&nbsp;and&nbsp;its&nbsp;private&nbsp;key<br /></span><span style="color: #0000BB">$cacert&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #DD0000">"file://path/to/ca.crt"</span><span style="color: #007700">;<br /></span><span style="color: #0000BB">$privkey&nbsp;</span><span style="color: #007700">=&nbsp;array(</span><span style="color: #DD0000">"file://path/to/ca.key"</span><span style="color: #007700">,&nbsp;</span><span style="color: #DD0000">"your_ca_key_passphrase"</span><span style="color: #007700">);<br /><br /></span><span style="color: #0000BB">$usercert&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">openssl_csr_sign</span><span style="color: #007700">(</span><span style="color: #0000BB">$csrdata</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$cacert</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$privkey</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">365</span><span style="color: #007700">);<br /><br /></span><span style="color: #FF8000">//&nbsp;Now&nbsp;display&nbsp;the&nbsp;generated&nbsp;certificate&nbsp;so&nbsp;that&nbsp;the&nbsp;user&nbsp;can<br />//&nbsp;copy&nbsp;and&nbsp;paste&nbsp;it&nbsp;into&nbsp;their&nbsp;local&nbsp;configuration&nbsp;(such&nbsp;as&nbsp;a&nbsp;file<br />//&nbsp;to&nbsp;hold&nbsp;the&nbsp;certificate&nbsp;for&nbsp;their&nbsp;SSL&nbsp;server)<br /></span><span style="color: #0000BB">openssl_x509_export</span><span style="color: #007700">(</span><span style="color: #0000BB">$usercert</span><span style="color: #007700">,&nbsp;</span><span style="color: #0000BB">$certout</span><span style="color: #007700">);<br />echo&nbsp;</span><span style="color: #0000BB">$certout</span><span style="color: #007700">;<br /><br /></span><span style="color: #FF8000">//&nbsp;Show&nbsp;any&nbsp;errors&nbsp;that&nbsp;occurred&nbsp;here<br /></span><span style="color: #007700">while&nbsp;((</span><span style="color: #0000BB">$e&nbsp;</span><span style="color: #007700">=&nbsp;</span><span style="color: #0000BB">openssl_error_string</span><span style="color: #007700">())&nbsp;!==&nbsp;</span><span style="color: #0000BB">false</span><span style="color: #007700">)&nbsp;{<br />&nbsp;&nbsp;&nbsp;&nbsp;echo&nbsp;</span><span style="color: #0000BB">$e&nbsp;</span><span style="color: #007700">.&nbsp;</span><span style="color: #DD0000">"\n"</span><span style="color: #007700">;<br />}<br /></span><span style="color: #0000BB">?&gt;</span>
</span>
</code></div>
    </div>

   </div>
  </p>
 </div>


</div><hr /><div class="manualnavbar" style="text-align: center;">
 <div class="prev" style="text-align: left; float: left;"><a href="function.openssl-csr-new.html">openssl_csr_new</a></div>
 <div class="next" style="text-align: right; float: right;"><a href="function.openssl-decrypt.html">openssl_decrypt</a></div>
 <div class="up"><a href="ref.openssl.html">OpenSSL 函数</a></div>
 <div class="home"><a href="index.html">PHP Manual</a></div>
</div></body></html>
